Privacy Policy

Our Commitment to Privacy

Spa Signals is committed to protecting your privacy and maintaining the highest standards of data protection. This Privacy Policy explains how we collect, use, and safeguard information through our services and SignalsID™ Pixel technology.

Information We Collect

From Spa Resort Clients

• Business contact information (name, email, phone, resort details)
• Account and billing information
• Marketing preferences and campaign data
• Usage analytics and platform interactions

Through SignalsID™ Pixel Technology

Identity & Enrichment Data

When users authenticate or provide consent, we may collect and process:

• Hashed email addresses (SHA-256)
• Device and session characteristics
• Behavioral patterns and engagement history
• Spa and wellness interest signals
• Demographic and spending capacity indicators (where lawful and consented)

How We Use Information

Service Delivery

• Create and deliver targeted audience segments
• Generate qualified leads for spa resort clients
• Enforce ID-level exclusivity locks and global suppression
• Provide analytics, reporting, and campaign optimization
• Integrate with advertising platforms and CRM systems

Platform Operations

• Maintain and improve our services and algorithms
• Detect and prevent fraud, spam, and abuse
• Ensure platform security and compliance
• Provide customer support and technical assistance

Data Sharing & Disclosure

With Spa Resort Clients

We share hashed audience data and consented lead information with our spa resort clients according to their service plans and exclusivity locks. All data sharing respects active locks and global suppression rules.

With Advertising Platforms

We may share hashed identifiers with advertising platforms (Meta, Google, etc.) to enable audience targeting and conversion tracking on behalf of our clients.

Service Providers

We work with trusted service providers who assist with hosting, analytics, payment processing, and other business operations. These providers are contractually bound to protect your information.

Your Rights & Choices

Access & Control

• Request access to your personal information
• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal and operational requirements)
• Opt out of marketing communications
• Object to certain data processing activities

Browser & Cookie Controls

You can manage cookies and tracking through your browser settings. Note that disabling certain cookies may affect the functionality of spa resort websites that use our services.

Data Security & Retention

We implement industry-standard security measures including:

• Encryption in transit and at rest
• Hashed storage of all personal identifiers
• Access controls and audit logging
• Regular security assessments and updates
• Incident response and breach notification procedures

Data retention periods vary by service plan (90 days to 12 months) and are automatically enforced. Clients may request earlier deletion where technically feasible and legally permitted.

Regional Privacy Rights

California Residents (CCPA/CPRA)

California residents have additional rights including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information for monetary consideration.

European Residents (GDPR)

European residents have rights including access, rectification, erasure, restriction, portability, and objection. Our lawful bases include legitimate interests for business operations and consent for direct marketing activities.

Contact Information

For privacy-related questions, requests, or concerns, please contact us:

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be communicated via email or prominent notice on our website.